Abstract
Software-Defined Networks (SDN) initiates a novel networking model. SDN introduces the separation of forwarding and control planes by proposing a new independent plane called network controller. The architecture enhances the network resilient, decompose management complexity, and support more straightforward network policies enforcement. However, the model suffers severe security threats. Specifically, a centralized network controller is a precious target for the attackers for two reasons. First, the controller is located at a central location between the application and data planes. Second, a controller is software which prone to vulnerabilities, e.g., buffer and stack overflow. Hence, providing security measures is a crucial procedure towards the fully unleash of the new model capabilities. Intrusion detection is one option to enhance networking security. Several approaches were proposed, for instance, signature-based, and anomaly detection. Anomaly detection is a broad approach deployed by various methods, e.g., machine learning. For many decades intrusion detection solution suffers performance and accuracy deficiencies. This paper revisits network anomalies detection as recent advances in machine learning particularly deep learning. The study proposes an intrusion detection framework based on unsupervised deep learning algorithms. The framework consists of an unsupervised deep learning phase followed by simple clustering algorithms, e.g. k-means. Our results showed accuracy over 99%, that is a significant improvement in detection accuracy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kreutz, D., Ramos, F.M.V., Esteves Verissimo, P., Esteve Rothenberg, C., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)
Open Networking Foundation (ONF): (2015). https://www.opennetworking.org/
McKeown, N., et al.: OpenFlow: enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)
Klöti, R., Kotronis, V., Smith, P.: OpenFlow: a security analysis. In: 2013 21st IEEE International Conference on Network Protocols (ICNP), Goettingen, pp. 1–6 (2013)
Kreutz, D., Ramos, F.M., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of 2nd ACM SIGCOMM Workshop Hot Topics Software Defined Network, pp. 55–60 (2013)
Ghorbani, A.A., Lu, W., Tavallaee, M.: Network Intrusion Detection and Prevention Concepts and Techniques. Advances in Information Security, vol. 47. Springer, US (2010). https://doi.org/10.1007/978-0-387-88771-5
Mudzingwa, D., Agrawal, R.: A study of methodologies used in intrusion detection and prevention systems (IDPS). In: 2012 Proceedings of IEEE Southeastcon, pp. 1–6, 15–18 March 2012
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection for discrete sequences: a survey. IEEE Trans. Knowl. Data Eng. 24(5), 823–839 (2012)
Krizhevsky, A., Sutskever, I., Hinton, G.: ImageNet classification with deep convolutional neural networks. In: NIPS (2012)
Hinton, G.E., Osindero, S., Teh, Y.: A fast learning algorithm for deep belief nets. Neural Comput. 18, 1527–1554 (2006)
Fiore, U., Palmieri, F., Castiglione, A., De Santis, A.: Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122, 13–23 (2013)
Salama, M.A., Eid, H.F., Ramadan, R.A., Darwish, A., Hassanien, A.E.: Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha, A., Takahashi, R., Schaefer, G., Costa, L. (eds.) Soft Computing in Industrial Applications, pp. 293–303. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20505-7_2
Dong, B., Wang, X.: Comparison deep learning method to traditional methods using for network intrusion detection. In: 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN), Beijing, pp. 581–585 (2016)
Zhai, S., Cheng, Y., Lu, W., Zhang, Z.: Deep structured energy based models for anomaly detection. In: Balcan, M.F., Weinberger, K.Q. (eds.) Proceedings of the 33rd International Conference on International Conference on Machine Learning - Volume 48 (ICML 2016), vol. 48, pp. 1100–1109. JMLR.org (2016)
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, pp. 1–6 (2009). https://doi.org/10.1109/CISDA.2009.5356528
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer-Verlag GmbH Germany, part of Springer Nature
About this chapter
Cite this chapter
Dawoud, A., Shahristani, S., Raun, C. (2019). Unsupervised Deep Learning for Software Defined Networks Anomalies Detection. In: Nguyen, N., Kowalczyk, R., Xhafa, F. (eds) Transactions on Computational Collective Intelligence XXXIII. Lecture Notes in Computer Science(), vol 11610. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-59540-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-662-59540-4_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-59539-8
Online ISBN: 978-3-662-59540-4
eBook Packages: Computer ScienceComputer Science (R0)